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DETAILED ACTION 
Notice to Applicant 

This communication is in response to the Pre-Brief Conference Request filed on 
03/21/2008. Claims 1-38 are pending. The examiner establishes new grounds of 
rejection, this action is made Non-Final 

Response to Arguments 

Applicant's arguments, see the Pre-Brief Conference Request, filed 03/21/2008, 
with respect to the rejection(s) of claim(s) 1-38 under 35 U.S.C. § 102 have been fully 
considered and are persuasive. Therefore, the rejection has been withdrawn. 
However, upon further consideration, a new ground(s) of rejection is made in view of 
Baldwin et al in view Chen et al. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-38 are rejected under 35 U.S.C. 103(a) as being unpatentable over 



Baldwin et al. (US 2004/0039924 A1) in view of Chen et al. (US 5,602,918) 
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Claim 1, 11,22, and 29 

Baldwin discloses each client having an embedded agent and the one embedded agent 
in each client having the embedded agent store the symmetric cryptographic key in 
storage accessible to the embedded agent (see at least, Figure 1 and [0067]: the 
examiner notes the cryptographic engine performs cryptographic operations in a 
restricted mode that is only accessible during normal operation by transferring control 
from a normal mode of the processor to a restricted mode of the processor via 
CryptoGate... symmetric key(s) and of performing symmetric cryptographic and public 
key cryptography and of pseudo random number generation, an optionally of private key 
cryptography) 

Baldwin fails to disclose provisioning a symmetric cryptographic key through 
multiple embedded agents and symmetric key that is not directly accessible to a host 
processor on the client and providing access to an encrypted traffic flow in a network to 
a client if the client is authenticated with the key. 

However, Chen discloses provisioning a symmetric cryptographic key through 
multiple embedded agents (see at least, col. 2, lines 23-29: the examiner notes 
establishing secured communication pathways across an open unsecure network and 
the use of a smart card to distribute shared secret keys between a computer and a 
client node on the internet) and symmetric key is not directly accessible to a host 
processor on the client (see at least col. 3, lines 44-48: the examiner notes the shared 
secret key is inaccessible even to the user processor of the card (e.g. host processor of 
the client)) and providing access to an encrypted traffic flow in a network to a client if the 
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client is authenticated with the key (see at least, col. 5, lines 24-29: the examiner notes 
after the authentication the session keys are used by the respective parties to encrypt 
further communication). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the teachings of Baldwin's normal/restricted processor to 
include a host processor that cannot access the symmetric key and provisioning a 
symmetric cryptographic key through multiple embedded agents and providing access 
to an encrypted traffic flow in a network to a client if the client is authenticated with the 
key as taught by Chen. One of ordinary skill in the art at the time the invention was 
made would have been motivated to combine the teachings in order to enable parties 
on a secured network to communicate via the internet or the public network by 
establishing safe passage between the secured network and the party on the public 
network (see at least, Chen, col. 2, lines 16-21). 

Claim 2. 12. 13. and 23 

Baldwin discloses a method according to claim 1, wherein provisioning the key through 
the embedded agents further comprises provisioning the key through an embedded 
agent having network access via a network link not visible to a host operating system 
(OS) running on the client (see at least, Figure, Figure 4, [0694-0700]: "VPN"; [0067]: " 
the cryptographic engine performs cryptographic operations in a restricted mode that is 
only accessible during normal operation by transferring control from a normal mode of 
the processor to a restricted mode of the processor via CryptoGate... symmetric key(s) 
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and of performing symmetric cryptographic and public key cryptography and of pseudo 
random number generation, an optionally of private key cryptography...")). 

Claim 3. 24, 25. 30. and 31 

Baldwin discloses a method according to claim 2, wherein providing access to the traffic 
flow if the client is authenticated comprises the embedded agent authenticating the 
client over the network line not visible to the host OS (see at least, Figure 1 , Figure 4, 
[0694-0700] :"VPN: client over the network not visible to the host OS"; [0039]: "...if the 
unsealed AppContainer has acceptable values then the specific application on a 
specific device is considered to be authenticated... [0199] :"PubKContainer is a digital 
envelope that is sealed by the client with an RSA public key...") ). 

Claim 4, 14, and 32 

Baldwin discloses a method according to claim 1, wherein providing access to the traffic 
flow further comprises providing multiple clients access with the key to nodes in the 
network, the nodes in the network to decrypt the traffic flow and subsequently encrypt 
the traffic flow to transmit the traffic to a next node in the network (see at least, Figure 4, 
[0704-0716]: "The VPN typically includes a number of machines that cooperate between 
them to grant access and block untrusted traffic..." "Process name Description MFCA 
Subscription Process that generates licensing information for a SAM... The ultimate 
purpose of this registration is to provide SAM with the appropriate App Key to seal and 
unseal App Containers that will be exchange with the client device... the VPN client, 
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SAM server, and the ARM server have to be configured to be able to hand out the 
appropriate App Keys successfully.."). 

Claim 5, 18, and 33 

Baldwin discloses a method according to claim 1 , further comprising updating at a client 
the symmetric cryptographic key provisioned across the multiple clients through a public 
and private key exchange with a public and private key associated the client (see at 
least, [0075] : "perform these functions, the authentication server seals and unseals 
containers that are exchanged with a cryptographically-enable- d client device, using 
the assistance of one or more Device Authority servers as needed. The authentication 
server maintains a table of Key ID (KID) values... "[0176]: " an acknowledgment servlet 
waits for a client response and then updates the database table for permanent DMK..., 
[0747]: " PubK Containter using the private bit of the communication key and updates its 
internal tables with the new device ADID.. if everything is all right, the application 
registration module has the Key ID of the client device, so it finds the DMK, and 
computes the App Key for the given ACD..."). 

Claim 6. 15. 16. 17. 19. 26. and 34 

Baldwin discloses a method according to claim 1, wherein providing access if the client 
is authenticated further comprises: the embedded agent verifying that a platform 
associated with the client is not compromised; and the embedded agent providing the 
key and an assertion that the client is not compromised to a verification entity on the 
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network (see at least, [0015] The present invention provides a small security kernel, 
that facilitates the process of analyzing and establishing trust in the implementation of 
the kernel, while at the same time removing the limitations of the aforementioned add- 
on hardware solutions. Ideally, the security kernel operates in a separate domain from 
both the application programs (applications) and the operating system (OS) running on 
the host machine, and yet with access to the memory of the OS and applications. The 
present invention provides such a security architecture by creating a small inner 
security kernel within the boundaries of a traditional existing operating system, and that 
can verify the integrity of and perform secure operations on behalf of the OS and 
applications. [0016] Another important aspect of this invention is that it enables the 
security kernel to be tied into an infrastructure that can establish trust via between two 
devices (e.g., client device and DSS), in some embodiments via a shared symmetric 
key. [0017] Key aspects of the present invention comprise [0018] (1) Open-at-reset 
lockable (OAR-locked) non-volatile memory (NVM) that contains a secret master key, 
called the Device Master Key or DMK, which is unique to the device. The DMK is 
moved into SMRAM, a specially controlled region of memory that is only accessible in 
a System Management Mode (SMM) at startup, and whereafter OAR-locked non- 
volatile memory is disabled, [0019] (2) containers to bind the DMK to specific 
applications, and that solves privacy/user controllability problems, and [0020] (3) spot 
checking of the integrity of a calling application "on-the-fly". [0021] The invention also 
provides Application Keys that are bound to the device and to Applications, and, 
optionally, to Customer-Secrets provided by the Applications. A given application can 
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have several different keys corresponding to different values of the Customer-Secret. 
[0230] The CustomerSecret part allows a company to discard compromised 
application Containers without having to get a new build for the application 
that would produce a different Application Code Digest. Also, this CustomerSecret 
allows a given instance of an application (e.g. secure logon application) on a device to 
securely share data with more that one server. Each server would setup a unique 
CustomerSecret with that same application on the same device. Thus, the sealed 
AppContainers could only be decrypted if the correct CustomerSecret is provided.") 

Claim 7 and 35 

Baldwin discloses a method according to claim 6, further comprising the embedded 
agent indicating to a remote network device if the client is compromised (see at least, 
Figure 4, [0652] Presented below is a description of the application registration module 
(ARM) component in the MFCA VPN product. The application registration module 
assists a Strong Authentication Module (SAM) in providing access to the secure App 
Containers that are exchanged between the client devices and cryptographically- 
enabled servers."). 

Claim 8 and 36 

Baldwin discloses a method according to claim 6, further comprising the embedded 
agent foreclosing network access to the client if the client is compromised (see at least, 
Figure 1 , Figure 4, [0029]: "Another exemplary system for hiding a master 



Application/Control Number: 10/809,315 Page 9 

Art Unit: 2139 

cryptographic key in storage comprises power-on software that reads a master key 
from non-volatile storage, closes access to the non-volatile storage such that access 
does not become available again until the next system reset, and writes sensitive data 
derived from the master key to a hidden address space, and wherein only a 
program that runs in a restricted operational mode of the system has access to 
the sensitive data in the hidden address space." [0090] The protected non-volatile 
memory 1 1 is used to store the secret device master key. The BIOS system 
initialization module 12 is responsible for securely transferring the secret DMKfrom 
non-volatile memory 1 1 into SMRAM 13, a protected memory region that is only 
addressable from SMM 16. After the DMK is transferred into SMRAM 13, the system 
initialization module 12 closes the OAR-lock latch 14 to render the non-volatile memory 
1 1 inaccessible to programs 15 running in the system until the next system reset. The 
DMK is only available in hidden SMRAM 16 during normal operation of the system. "). 



Claim 9, 20. 27 and 37 

Baldwin discloses a method according to claim 1 , further comprising the embedded 
agent performing cryptographic functions on data with the key to authenticate data with 
the key (see at least, [0067] The cryptographic engine (CryptoEngine) performs 
cryptographic operations in a restricted mode that is only accessible during normal 
operation by transferring control from a normal mode of the processor to a restricted 
mode of the processor via CryptoGate. The restricted mode operations may also 
include operations where sensitive data is available to the processor during secure 
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bootstrap and Power-On Self-Test operations. The CryptoEngine is capable of storing 
and recalling high integrity public keys, and of storing at least one long-lived symmetric 
key (the DMK), and of deriving symmetric keys from the long-lived symmetric key(s), 
and of performing symmetric cryptography (both integrity and privacy primitives) and 
public key cryptography, and of pseudo random number generation, and optionally of 
private key cryptography, and optionally of other cryptographic support functions such a 
key generation and importing and exporting keys. Some embodiments of the 
CryptoEngine may use specialized cryptographic hardware, such as smartcards, or a 
TCPA TPM." Abstract: System and method for securing a computing device using a 
master cryptographic key that is bound to the device. The master key is used to derive 
sensitive data that is transferred to storage that is only accessible in a restricted mode 
of operation. The master key is used to derive one or more application keys that are 
used to secure data that is specific to an application/device pair. Non-privileged 
programs can request functions that run in a more restricted mode to use these 
application keys. The restricted mode program checks the integrity of the non- 
privileged calling program to insure that it has the authority and/or integrity to perform 
each requested operation. One or more device authority servers may be used to issue 
and manage both master and application keys. ). 

Claim 10.21.28 and 38 

Baldwin discloses a method according to claim 1 , further comprising the embedded 
agent including a derivative of the key in a header of data to be transmitted to 
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authenticate the data with the key (see at least, [0198], [0247], [0279]: "AppContainer is 
a protected container that can only be read or written by a specific application program 
running on a specification machine... bound to a given machine by using a derivative of 
the DMK for encryption..." Abstract: The master key is used to derive sensitive data that 
is transferred to storage that is only accessible in a restricted mode of operation. The 
master key is used to derive one or more application keys that are used to secure data 
that is specific to an application/device pair. Non-privileged programs can request 
functions that run in a more restricted mode to use these application keys. The 
restricted mode program checks the integrity of the non-privileged calling program to 
insure that it has the authority and/or integrity to perform each requested operation. 
One or more device authority servers may be used to issue and manage both master 
and application keys."). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KARI L. SCHMIDT whose telephone number is 
(571)270-1385. The examiner can normally be reached on Monday - Friday: 7:30am - 
5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Christian LaForgia/ 

Primary Examiner, Art Unit 2139 

/Kari L Schmidt/ 
Examiner, Art Unit 2139 



